cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Not able to connect NWA/System Information/User Management portals

Former Member

on ‎09-05-2018 12:30 PM

0 Kudos

Hello Experts,

We have SAP Netweaver 7.50 AS JAVA System on which recently we tried to install SSO 3.0. After that we took restart of JAVA system. Since then we are not able to get NWA/System Information/User Management portals with Java Exception java.lang.StackOverflowError. We checked system is running & able to get StartPage.

You can check below screen shot & Default Trace File Logs for reference.500-internal-server-error.png

<!--LOGHEADER[START]/--> <!--HELP[Manual modification of the header may cause parsing problem!]/-->

<!--LOGGINGVERSION[2.0.7.1006]/-->

<!--NAME[./log/defaultTrace_00.trc]/-->

<!--PATTERN[defaultTrace_00.trc]/--> <!--FORMATTER[com.sap.tc.logging.ListFormatter]/-->

<!--ENCODING[UTF8]/--> <!--FILESET[14, 20, 10485760]/-->

<!--PREVIOUSFILE[defaultTrace_00.13.trc]/-->

<!--NEXTFILE[defaultTrace_00.15.trc]/--> <!--ENGINEVERSION[7.50.3301.412283.20170118095719]/-->

<!--LOGHEADER[END]/--> #2.0#2018 09 05 14:44:33:341#+0530#Error#com.sap.engine.services.security.authentication.logincontext.table# #BC-JAS-SEC#security#C000C0A8020D002C0000000300004805#4568850000000004#sap.com/tc~lm~itsam~ui~mainframe~wd#com.sap.engine.services.security.authentication.logincontext.table#Guest#0##191700B1B0EC11E8A50400000045B712#c489be5eb0e311e8bfe9902b34b5a638##0#Thread[HTTP Worker [@477089047],5,Dedicated_Application_Thread]#Plain## LOGIN.FAILED

User: N/A IP

Address: 192.168.2.153

Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd

Authentication Stack Properties: policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd realm_name = Upload Protected Area Login Module Flag Initialize

Login Commit Abort Details 1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule SUFFICIENT ok false 2. com.sap.security.jaas.rba.RBALoginModule REQUIRED ok exception null 3. com.sap.security.jaas.otp.TOTPLoginModule SUFFICIENT ok \#1 BasicPasswordLoginModule.UserMappingMode = Email \#2 mode = otp&pwd \#3 tfa.first.factor.login.module = BasicPasswordLoginModule \#4 UserMappingMode = Email

No logon policy was applied#

#2.0#2018 09 05 14:44:33:356#+0530#Error#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl# com.sap.ASJ.web.000137#BC-NWA-INC-UIF#sap.com/tc~lm~itsam~ui~mainframe~wd#C000C0A8020D002C0000000400004805#4568850000000004#sap.com/tc~lm~itsam~ui~mainframe~wd#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#Guest#0#

#191700B1B0EC11E8A50400000045B712#c489be5eb0e311e8bfe9902b34b5a638##0#Thread[HTTP Worker [@477089047],5,Dedicated_Application_Thread]#Plain#

# Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd] web application. [EXCEPTION] java.lang.StackOverflowError

Need your suggestion for getting this problem solve.

Regards,

Prasad D.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Matt_Fraser
Active Contributor
‎09-06-2018 3:57 PM

Hi Prasad,

I know this isn't exactly the error you're getting, but have you looked into whether this might be related to filtering of remote access to administration tools? By default, a newly-installed AS Java system doesn't allow remote access to NWA, so if you want to avoid having to remote console to the machine every time you want to administer it, you need to tweak the icm_filter_rules file.

I wrote about doing this for Windows systems at https://blogs.sap.com/2015/01/28/netweaver-74-sr2-java-basic-configuration/#jive_content_id_NetWeave..., it's discussed in a Wiki at https://wiki.scn.sap.com/wiki/display/Basis/Remote%2Baccess%2Bto%2BNetWeaver%2BAdministration%2Bis%2..., and addressed in Note 1451753.

Perhaps it's as simple as this? If so, this then might also help you with your other issue raised at https://answers.sap.com/questions/624205/how-to-remove-logon-policy-scripts-which-were-impo.html.

Cheers,
Matt

Show replies
Show replies
Former Member
‎09-07-2018 10:19 AM
0 Kudos

Hello Matt,

Thanks for your guidance but I can not see Comment or Reply option below your comment

Just having a Answer option hence writing in answer field.

Also as per your suggestions I checked in icm-filter-rules.txt & Default Profile where configuration is Ok.

SAPDBHOST = sapsrv3

j2ee/dbtype = syb

j2ee/dbname = J2E

j2ee/dbhost = sapsrv3

SAPSYSTEMNAME = J2E

OS_UNICODE = uc

SAPGLOBALHOST = sapsrv3

system/type = J2EE

service/protectedwebmethods = SDEFAULT

#-----------------------------------------------------------------------

# SAP Central Service Instance for J2EE

#-----------------------------------------------------------------------

j2ee/scs/host = sapsrv3

j2ee/scs/system = 01

j2ee/ms/port = 3901

#icm/server_port_0 = PORT=HTTP,PORT=1080,TIMEOUT=30,PROCTIMEOUT=600

icm/HTTP/mod_0 = PREFIX=/,FILE=$(DIR_GLOBAL)/security/data/icm_filter_rules.txt

dbms/type = syb

dbs/syb/schema = SAPSR3DB

dbs/syb/server = sapsrv3

dbs/syb/dbname = J2E

dbs/syb/port = 4901

j2ee/dbport = 4901

rsdb/ssfs_connect = 1

dbs/syb/cache_size = 300

rsec/ssfs_datapath = /usr/sap/J2E/SYS/global/security/rsecssfs/data

rsec/ssfs_keypath = /usr/sap/J2E/SYS/global/security/rsecssfs/key

.

Below is icm_filter_rules file

.

# ICM Rewrite Rules for NWA (restrict access to local host)

#if %{REMOTE_ADDR} !stricmp 127.0.0.1 [AND]

#if %{REMOTE_ADDR} !stricmp ::1 [AND]

#if %{REMOTE_ADDR} !regimatch 192.168.2.*

#RegIRedirectUrl ^/webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd/.*$ /nwa/remote_access_error [QSA]

.

Regards,

Prasad D.

Former Member
‎09-07-2018 4:59 PM
0 Kudos

Hello Mynyna,

I wasn't able to comment or reply on Hemanth's answer & still not able to comment on Matt's comment as no "Comment" or "Reply" option appears here.

Hence I'm writing in answer field.

Need help on this.

Regards,

Prasad D.

Matt_Fraser
Active Contributor
‎09-07-2018 5:14 PM
0 Kudos

Prasad,

Your icm_filter_rules.txt file, as shown above, will restrict remote access to NWA, so that is the problem. You have the critical lines commented out with "#," so if you just remove that symbol, I think it will work. In other words, it should look like this:

# ICM Rewrite Rules for NWA (restrict access to local host and internal segment)
if %{REMOTE_ADDR} !stricmp 127.0.0.1 [AND]
if %{REMOTE_ADDR} !stricmp ::1 [AND]
if %{REMOTE_ADDR} !regimatch 192.168.2.*
RegIRedirectUrl ^/webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd/.*$ /nwa/remote_access_error [QSA]

Give that a try, restart the application, and see if your NWA access works.

Cheers,
Matt

Former Member
‎09-10-2018 6:28 AM
0 Kudos

Hello Matt,

I have tried as per your suggestion by removing # character from icm_filter_rules.txt file & after taking restart problem doesn't get solved.

.

# ICM Rewrite Rules for NWA (restrict access to local host)

if %{REMOTE_ADDR} !stricmp 127.0.0.1 [AND]

if %{REMOTE_ADDR} !stricmp ::1 [AND]

if %{REMOTE_ADDR} !regimatch 192.168.2.*

RegIRedirectUrl ^/webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd/.*$ /nwa/remote_access_error [QSA]

.

Here I'm pasting Latest Default Trace of the system.

.

<!--LOGHEADER[START]/-->
<!--HELP[Manual modification of the header may cause parsing problem!]/-->
<!--LOGGINGVERSION[2.0.7.1006]/-->
<!--NAME[./log/defaultTrace_00.trc]/-->
<!--PATTERN[defaultTrace_00.trc]/-->
<!--FORMATTER[com.sap.tc.logging.ListFormatter]/-->
<!--ENCODING[UTF8]/-->
<!--FILESET[4, 20, 10485760]/-->
<!--PREVIOUSFILE[defaultTrace_00.3.trc]/-->
<!--NEXTFILE[defaultTrace_00.5.trc]/-->
<!--ENGINEVERSION[7.50.3301.412283.20170118095719]/-->
<!--LOGHEADER[END]/-->
#2.0#2018 09 10 10:36:17:622#+0530#Error#com.sap.engine.services.security.authentication.logincontext.table#
#BC-JAS-SEC#security#C000C0A8020D002D0000001200000567#4568850000000060#sap.com/tc~lm~itsam~ui~mainframe~wd#com.sap.engine.services.security.authentication.logincontext.table#Guest#0##3BA3DA00B4B711E8AB2F00000045B712#d92971efb4b611e89c4e902b34b5a638##0#Thread[HTTP Worker [@1329487032],5,Dedicated_Application_Thread]#Plain##
LOGIN.FAILED
User: N/A
IP Address: 192.168.2.153
Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd
Authentication Stack Properties:
policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd
realm_name = Upload Protected Area

Login Module Flag Initialize Login Commit Abort Details
1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule SUFFICIENT ok false
2. com.sap.security.jaas.rba.RBALoginModule REQUIRED ok exception null
3. com.sap.security.jaas.otp.TOTPLoginModule SUFFICIENT ok
\#1 BasicPasswordLoginModule.UserMappingMode = Email
\#2 mode = otp&pwd
\#3 tfa.first.factor.login.module = BasicPasswordLoginModule
\#4 UserMappingMode = Email
No logon policy was applied#

#2.0#2018 09 10 10:36:17:626#+0530#Error#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#
com.sap.ASJ.web.000137#BC-NWA-INC-UIF#sap.com/tc~lm~itsam~ui~mainframe~wd#C000C0A8020D002D0000001300000567#4568850000000060#sap.com/tc~lm~itsam~ui~mainframe~wd#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#Guest#0##3BA3DA00B4B711E8AB2F00000045B712#d92971efb4b611e89c4e902b34b5a638##0#Thread[HTTP Worker [@1329487032],5,Dedicated_Application_Thread]#Plain##
Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd] web application.
[EXCEPTION]
java.lang.StackOverflowError
at com.sap.engine.services.servlets_jsp.server.runtime.client.HttpParametersWrapper.getApplicationSession(HttpParametersWrapper.java:38)
at com.sap.engine.services.servlets_jsp.server.runtime.client.RequestContext.getSession(RequestContext.java:595)
at com.sap.engine.services.servlets_jsp.server.runtime.client.HttpServletRequestFacadeWrapper.getSession(HttpServletRequestFacadeWrapper.java:327)
at com.sap.engine.interfaces.security.auth.AbstractWebCallbackHandler.getAttributeFromSession(AbstractWebCallbackHandler.java:1404)
at com.sap.engine.interfaces.security.auth.AbstractWebCallbackHandler.parseUserNameAndPassword(AbstractWebCallbackHandler.java:3007)
at com.sap.engine.interfaces.security.auth.AbstractWebCallbackHandler.handle(AbstractWebCallbackHandler.java:2430)
at com.sap.engine.interfaces.security.auth.AbstractWebCallbackHandler.handle(AbstractWebCallbackHandler.java:1144)
at com.sap.engine.interfaces.security.auth.AbstractWebCallbackHandler.handle(AbstractWebCallbackHandler.java:698)
at com.sap.security.jaas.otp.TFACallbackHandler.handleSingleCallback(TFACallbackHandler.java:76)
at com.sap.security.jaas.otp.TFACallbackHandler.handle(TFACallbackHandler.java:67)
at com.sap.security.jaas.otp.ReplayableCallbackHandler.handle(ReplayableCallbackHandler.java:48)
at com.sap.security.jaas.otp.TFACallbackHandler.handleSingleCallback(TFACallbackHandler.java:76)
at com.sap.security.jaas.otp.TFACallbackHandler.handle(TFACallbackHandler.java:67)
at com.sap.security.jaas.otp.modes.OTPAndPwdMode.handleNameAndPasswordCallbacks(OTPAndPwdMode.java:1360)
at com.sap.security.jaas.otp.modes.OTPAndPwdMode.handleCredentials(OTPAndPwdMode.java:1160)
at com.sap.security.jaas.otp.modes.OTPAndPwdMode.firstStageLogin(OTPAndPwdMode.java:449)
at com.sap.security.jaas.otp.modes.OTPAndPwdMode.login(OTPAndPwdMode.java:198)
at com.sap.security.jaas.otp.TOTPLoginModule.login(TOTPLoginModule.java:51)
at com.sap.security.jaas.otp.modes.OTPAndPwdMode.callEmbeddedLoginModule(OTPAndPwdMode.java:800)
at com.sap.security.jaas.otp.modes.OTPAndPwdMode.firstStageLogin(OTPAndPwdMode.java:456)
at com.sap.security.jaas.otp.modes.OTPAndPwdMode.login(OTPAndPwdMode.java:198)
at com.sap.security.jaas.otp.TOTPLoginModule.login(TOTPLoginModule.java:51)

#2.0#2018 09 10 10:36:17:646#+0530#Error#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#
com.sap.ASJ.web.000137#BC-NWA-INC-UIF#sap.com/tc~lm~itsam~ui~mainframe~wd#C000C0A8020D002D0000001500000567#4568850000000060#sap.com/tc~lm~itsam~ui~mainframe~wd#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#Guest#0##3BA3DA00B4B711E8AB2F00000045B712#d92971efb4b611e89c4e902b34b5a638##0#Thread[HTTP Worker [@1329487032],5,Dedicated_Application_Thread]#Plain##
Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd] web application.
For more details on the problem please check traces searching by logId: C000C0A8020D002D0000001300000567#

#2.0#2018 09 10 10:36:17:671#+0530#Error#com.sap.engine.services.servlets_jsp.ISE500#
com.sap.ASJ.web.000500#BC-NWA-INC-UIF#sap.com/tc~lm~itsam~ui~mainframe~wd#C000C0A8020D002D0000001600000567#4568850000000060#sap.com/tc~lm~itsam~ui~mainframe~wd#com.sap.engine.services.servlets_jsp.ISE500#Guest#0##3BA3DA00B4B711E8AB2F00000045B712#d92971efb4b611e89c4e902b34b5a638##0#Thread[HTTP Worker [@1329487032],5,Dedicated_Application_Thread]#Plain##
500 Internal Server Error is returned for HTTP request [http://192.168.2.13:50000/webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd/FloorPlanApp]:
component [dispatcher],
web module [webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd],
application [sap.com/tc~lm~itsam~ui~mainframe~wd],
DC name [sap.com/tc~lm~itsam~ui~mainframe~wd],
CSN component[BC-NWA-INC-UIF],
problem categorization [com.sap.ASJ.web.000137],
internal categorization [859771996].

Regards,

Prasad D

Matt_Fraser
Active Contributor
‎09-10-2018 4:36 PM
0 Kudos

I think perhaps you have a misconfiguration somewhere in your authentication stack. Your next step could be to run a Security Troubleshooting Wizard trace as described in Note 1332726. Also make sure your URL is properly formatted, and that you aren't calling NWA with any URL parameters, such as "?saml2=disabled," etc. Try calling the tool with just http://<server>:<port>/nwa, and nothing else. Have a look at Notes 2676971 and 2673983 for some examples.

You are getting an error with the RBALoginModule in your authentication stack, and then the stack is followed with "no logon policy was applied." This is what I suspect you should focus your efforts on troubleshooting, and I think the wizard will help with that.

Former Member
‎09-11-2018 8:12 AM
0 Kudos

Hello Matt,

I also think the problem might in Authentication Stack or Logon Policy Scripts but exactly where which is I'm unable to find.

As per suggested note 1332726, I have started Security Troubleshooting Wizard & collected the traces but there are of big size 27MB, I cannot attach them here.

So is there any way, that I can send you these traces in .ZIP file?

Also I tried with direct links as (host):(port)/nwa & /useradmin but same 500 Internal Server Error still exists.

Below is the screen shot for Statistics for server.

Kindly suggest is there any way to remove applied Logon Policy Scripts from OS level as NWA is not getting.

Regards,

Prasad D.

Matt_Fraser
Active Contributor
‎09-11-2018 5:46 PM
0 Kudos

The traces collected with the troubleshooting wizard are really for your own use to go through, or to attach to a Customer Incident if you've opened one with SAP Support (which at this point I think you should do). You might want to try collecting them again, but be sure to only turn the trace on right before the point of failure, and turn it off again immediately after, to minimize how much extraneous data is collected. The main thing is to look through the traces yourself to see if anything jumps out at you as a culprit.

Are you sure your system isn't running out of memory?

Former Member
‎09-12-2018 1:22 PM
0 Kudos

Hello Matt,

Thanks for the guidance.

I'm reviewing the trace generated & will inform you if anything culprit is found.

I'm sure about system is not running out of memory issue.

Its something there in Authentication Policy Scripts.

.

Regards,

Prasad D.

hemanth2
Product and Topic Expert
Product and Topic Expert
‎09-05-2018 12:37 PM

Dear Prasad,
Hope you are doing good.
SAP KBA ##2255173 - '"500 Internal Server" due to java.lang.StackOverflowError

seems to deal with the same issue. If this is still not working, attach the latest default trace files from /usr/sap/<SID>/J<nr>/j2ee/server*/logs/defaultTrace*


Kind Regards,
Hemanth Kumar
SAP Product Support
_ _ _ _ _ _ _ _ _ _ _

Show replies
Show replies
Former Member
‎09-05-2018 2:56 PM
0 Kudos

Dear Hemanth,

Thanks for your concern.

I have already checked the Note 2255173 & as per note we have same configuration in our system as per below screen shot.

.

I am not able to upload Latest Default Trace file as

I am getting below error while uploading .txt (979kb) or Zip(.rar) file.

Regards,

Prasad D.

Matt_Fraser
Active Contributor
‎09-05-2018 2:58 PM

Hello Prasad,

Just a quick note, if you want to reply to an answer someone has given you, it is best to do so as a 'comment' on that answer by hitting the 'Reply' button directly under the answer, and not as a new 'answer' to the main question. Doing the former will cause a notification to be sent to the person you are replying to; doing the latter will not, and so they may not notice that you have replied.

Also, you'll note that I have taken the liberty of 'converting' your answer into a comment, so now Hemanth will have been notified.

Cheers,
Matt Fraser
SAP Community Moderator

Ask a Question